Does a password on the Windows log in screen help to prevent internet hckers?

James T Kirk USS Enterprise · Mar 9, 2014

hi everyone. i heard that you can make your computer more secure by using a password on the Windows log in screen.
do i need a password on the Windows log in screen (as a means of twarting (or helping to twart) hckers online)?

i am not talking about it being used for physical security measures, like for the guy in the cubile next to you; i talking about only for security purposes when considering repelling online only "attacks".

Ahmadjon · Mar 9, 2014

No it won't help to prevent hacking your PC by hackers, it would only help to prevent other people run your PC

manofchalk · Mar 9, 2014

Nope.

Physical security is a lock on the door and bars on your windows, a password of any kind is considered digital security BTW.

James T Kirk USS Enterprise · Mar 10, 2014

thanks guys. i just wanted to make sure because someone said it did, so i didn’t know.

hi Ahmadjon, nice to meet you

hey manofchalk, good to see you,

White Hat

Ahmadjon · Mar 10, 2014

James T Kirk USS Enterprise :

Nice to meet you too

Ijack · Mar 10, 2014

I'm surprised at the answers you have been given. An account that can access a computer without using a password is a security risk that can be exploited by someone sitting at the computer or someone connecting via the Internet. Setting passwords on all accounts is one step in securing your computer.

So, in answer to your question, Yes - you can most certainly make a computer more secure against hackers by requiring a password at log on. It is just one in a number of steps that you have to take, but it is one of the most important.

Saga Lout · Mar 10, 2014

I think it's also important to take out the defaulted ticked options to allow the computer to be taken over remotely. If that can happen, only your password stands between you and the bad guys. If you're that worried, take your user account down one step to Standard level.

Personally, I only have a password to keep my wife out of my PC but it would it would have to be be a pretty determined hacker that gets in to my system because remote control is no longer an option.

vmN · Mar 10, 2014

Well, the tickbox you are talking about is simply windows version of remote control.(which is pretty secure, 'hackers' do not use this).

Hackers would most likely have infected you with a RAT(Remote access Trojan) virus.

To be perfectly clear, a windows login is only secure for the general people. A 'hacker' could easily disable the password(If he had physical access to your computer).

As said a windows password is perfectly fine for the general security against non-'hackers'.

EDIT: To be clear a windows login wont have any difference from a virtual hacker.
My recommendation would be to setup an external firewall, that is the far best option against remote-control.

Ijack · Mar 10, 2014

A 'hacker' could easily disable the password(If he had physical access to your computer).

Most Internet hackers do not have physical access. A password is like a lock on your front door; it doesn't guarantee to stop an intruder but it provides more protection than just leaving the door open. To say that a password offers no protection against hackers (which implies you might as well do without one) is dangerous.

vmN · Mar 10, 2014

We might think different, as the windows login isn't like a frontdoor.
It is like a gate, where you are also looking yourself out, it is upperlish useless if you want to use your own computer.
The RAT will simply just start running(as most viruses it will automatically run on startup) when you login.

I might not express is correctly if that is the case please say so.

EDIT:
Imagine:
There is a locked gate, you are standing infront of it.
The hackers are standing by your site, without an key.
When you open the gate to get to the other site, the hackers simply follow.

James T Kirk USS Enterprise · Mar 11, 2014

hi Ijack, boy am i glad you showed up. this is COMPLETELY different from what everyone has been saying so far!!!

that's good to know. i appreciate that Ijack!

hi Saga Lout, wow, i'm glad you made it. i was REALLY hoping to talk to you again.
dang, your really security savvy. i had this one question for you earlier that i "really" really wantedd to ask you, but its been so long that i have forgotten it now.
maybe i'll remember. too bad, i can't just say, hey saga lout, yea, this is the question that i wanted to ask you.

remote control:
excellent suggestion. i've long since disable this nice little "feature" that is AVAILABLE for us to use, as i noticed this vulnerability a while back.

vmN, hey bro, great to see you!

"Well, the tickbox you are talking about is simply windows version of remote control.(which is pretty secure, 'hackers' do not use this)."
its called a "worm attack"...

ah, so that's what rat is... i knew rat was bad, but i didn't know HOW it was used.

vmN, so your saying that when you enter your password, that they simply enter at the same time?
i thought that if a hacker was inside your computer that they could have access ANYTIME that they wanted to, not just when you are ABLE to....
[i'm not talking about when it is turned off]

White Hat

vmN · Mar 11, 2014

No they do not enter it, they dont have to.
You see viruses will be ran at startup, like many other applications like skype and such.

It was only a point that a windows password is worth nothing against 'wireless hackers'.

If you are infected by a virus, and he have the ability to remote control your computer(most doesn't even remote control anymore, they simply take screenshots, keylogger and such) when the system is running. He cannot run when there is a windows login, but neither can you so what is the point with it?

Ijack · Mar 11, 2014

You need to understan how Windows security works. It's not like a locked gate, but it's a question of being given a token that gives you access to various areas of the computer. Every time you try to access anything the computer checks that you have that token and that the token allows you to access the resource.

You can get that token via the interactive logon screen, or by accessing a network resource, or in other ways. But before the system will give you that token it needs to know that you are who you say you are. It does this by asking you a question which it then checks against an encrypted database. That question is the password - it doesn't matter whether you supply that password via a log on screen or some other way.

Now if you don't set a password on your account then it's like saying to the computer "just give my token to anyone who asks for it and says they are me - you don't have to check that they really are". Whether you think that makes your computer less secure is up to you.

vmN · Mar 11, 2014

I understand exactly how windows security works and how general malware works, so please.

If we are talking about a hacker remote-controlling your computer, he will most-likely use a RAT(explained before) instead of windows remote control.

A RAT is a program generally programmed in ring3, even so many are called rootkits(because of resistance, hiding from other ring3 applications and such) so it should have been called an advance userkit.

Such program would never interfere with windows login.

It would simply run on startup(after login) like other programs.

Ijack · Mar 11, 2014

Imagine:
There is a locked gate, you are standing infront of it.
The hackers are standing by your site, without an key.
When you open the gate to get to the other site, the hackers simply follow.

I'm afraid that demonstrates that you do not understand how Windows security works, so please. There's no point in following someone through the gate if a security man is later going to ask to see your token. The problem is not a locked gate - it is to get a valid token.

vmN · Mar 11, 2014

What exactly do you mean by token, im 100% sure windows security doesn't ask any process about token or validation

Ijack · Mar 11, 2014

I mean an Access Token. Read about it here: http://technet.microsoft.com/en-us/library/cc783557(v=ws.10).aspx

Windows security is somewhat more complicated than metaphors such as locked gates. It is important to understand this if you want to make informed decisions about security.

vmN · Mar 11, 2014

Just read it on my mobile and is sound like read write execute, which there are lot of ways to go around.

Ijack · Mar 11, 2014

vmN :

I'm afraid that you continue to demonstrate a lack of understanding as to how it works, and I'm not inclined to continue to educate you on the matter. I'd suggest that you get a good book on Windows internals and study it.

Suffice it to say that accounts without passwords are a severe security risk so, to answer the OP's question again, requiring a logon password is a first line of defence against both local and network hackers.

Saga Lout · Mar 11, 2014

I'd like to steer this discussion away from outrightly teaching hacking so can you guys please take care what you post.

James T Kirk USS Enterprise · Mar 12, 2014

hello,

there's always ways around things, but WITHOUT actually going around them, the win login posses an obstacle.

i wasn't asking if there was a WAY "around" the password, i was just asking if it actually POSSED an obstacle...

White Hat

vmN · Mar 12, 2014

To be clear a windows login password is no protection against 'internet hackers'.

Windows password is a security against the normal person, and is more than fine for that.

My recommendations is still a external firewall.

Also I would never teach anything about hacking, I'm just saying that to be able to protect yourself against hackers and viruses, you would need to understand how those works.

James T Kirk USS Enterprise · Mar 15, 2014

thanks vmN,

i just wanted to clear this up.

GOD IS MY SHEILD

Does a password on the Windows log in screen help to prevent internet hckers?

Distinguished

Splendid

Glorious

Distinguished

Splendid

Splendid

Retired Mod

Honorable

Splendid

Honorable

Distinguished

Honorable

Splendid

Honorable

Splendid

Honorable

Splendid

Honorable

Splendid

Retired Mod

Distinguished

Honorable

Distinguished

Share this page